[16738] in bugtraq

home help back first fref pref prev next nref lref last post

Corrections for "Using the Unused" and for "The DF Playground"

daemon@ATHENA.MIT.EDU (Ofir Arkin)
Wed Sep 13 12:12:34 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="windows-1255"
Content-Transfer-Encoding: 7bit
Message-Id:  <GDEIJDIGIGIFHEIILCALAENICEAA.ofir@itcon-ltd.com>
Date:         Wed, 13 Sep 2000 08:50:57 -0000
Reply-To: Ofir Arkin <ofir@ITCON-LTD.COM>
From: Ofir Arkin <ofir@ITCON-LTD.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Apparently I had a mistake in my postings regarding OpenBSD.

As it turn out, OpenBSD DOES not set the DF on the replies and
DOES not echo the Reserved bit.

What this means is Solaris is the ONLY operating system to set
the DF bit on ICMP Query replies enabling us to identify it exclusively.

And Solaris and HPUX 11.0 are the ONLY operating systems to Echo
back the Reserved Bit.

Since Solaris sets the DF bit as well we can distinguish between
Sun Solaris Machines and HPUX 11.0 machines.

For all of you who wrote back to say that we can turn off replies
for various ICMP Queries with Solaris - PLEASE DO SO! This is the reason
for all this :)

I am sorry for the inconvenient and for the error.



Ofir Arkin  [ofir@itcon-ltd.com]
Senior Security Analyst
Chief of Grey Hats
ITcon, Israel.
http://www.itcon-ltd.com

Personal Web page: http://www.sys-security.com

"Opinions expressed do not necessarily
represent the views of my employer."

home help back first fref pref prev next nref lref last post